Sciweavers

CCS
2008
ACM

BootJacker: compromising computers using forced restarts

14 years 2 months ago
BootJacker: compromising computers using forced restarts
BootJacker is a proof-of-concept attack tool which demonstrates that authentication mechanisms employed by an operating system can be bypassed by obtaining physical access and simply forcing a restart. The key insight that enables this attack is that the contents of memory on some machines are fully preserved across a warm boot. Upon a reboot, BootJacker uses this residual memory state to revive the original host operating system environment and run malicious payloads. Using BootJacker, an attacker can break into a locked user session and gain access to open encrypted disks, web browser sessions or other secure network connections. BootJacker's non-persistent design makes it possible for an attacker to leave no traces on the victim machine. Categories and Subject Descriptors D.4.6 [Operating Systems]: Security General Terms Security Keywords Security, attacks, memory remanence
Ellick Chan, Jeffrey C. Carlyle, Francis M. David,
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Ellick Chan, Jeffrey C. Carlyle, Francis M. David, Reza Farivar, Roy H. Campbell
Comments (0)